Give tax break so small Canadian firms can invest in cybersecurity, Parliament told

Ottawa should deploy a wide range of strategies, including tax breaks, to encourage small businesses to take cybersecurity more seriously, a member of a think tank told a parliamentary committee this week.

“I think the government should incentivize companies to adopt the latest security measures, such as the cybersecurity standard established by ISED (Innovation, Science and Economic Development) and CSE (the Canadian Security Establishment, the country’s electronic spy agency that also protects federal IT networks) for small and medium organizations,” Aaron Shull, managing director and general counsel of the Centre for International Governance Innovation (CIGI) told the House of Commons defence committee.

The standard he referred to is CyberSecure Canada, a program for small and medium-sized firms. Companies that meet certain criteria and pass a security audit can tell customers and partners they have met the certification standard.

Started in 2019, the program hasn’t been widely adopted. A year after the program was announced, IT World Canada found that only three firms had been certified.

“The standard provides a high level of protection,” Shull told the committee, “but its adoption — and this is the problem — has been limited. Implementing a tax benefit system as an incentive to help increase the overall level of cybersecurity in the country and reduce the risk of cyberattacks on businesses would be a way forward.”

Second, the federal government should establish a clear and concise legal framework for  how the private sector can deal with cyber attacks, including guidelines for attribution of attackers, response, and for liability should companies be allowed to hit attackers back. But, he added, the framework should also be “nimble and respond to a fast-changing environment. And the regulations should be driven by “sound policy” and not politics.  The cabinet would set standards, a code of practice and certification programs to act as an integrated compliance program, he said.

Third, Shull said, Ottawa should convene an annual cybersecurity conference for a wide range of stakeholders — companies, the IT industry, provincial, territorial, and municipal governments, academics, Indigenous communities, non-profits — to learn more about cybersecurity and do tabletop exercises. Not all sessions would be open to the general public.

One model, he added, is a “cybersecurity dialogue” that CIGI will host in June in Waterloo, Ont., where it is headquartered.

“In my view, cybersecurity is a whole of society concern for Canada,” Shull explained, “and everyone should do more to address this issue.”

In an interview, Shull noted the CyberSecure Canada program has been put forward by the Standards Council of Canada and the Digital Governance Council (formerly the CIO Strategy Council of Canada). “If you are a small and medium-sized enterprise you will probably be OK” to withstand attacks from unsophisticated threat actors, he said. It’s “relatively rare” for nation-state actors to go after SMEs here, he said.

But the federal government needs to give incentives to the private sector to act, Shull said. “We always wait for the ‘Oops’ moment before we do something.”

He isn’t sure how much of a tax incentive Ottawa should offer, other than “make it big enough that people will actually do it.”

But he added, the economic benefit of having companies spend less on recovering from a cyber attack should increase government revenue, and spur innovation.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now